-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2014-01-08 at 01:51 -0000, Jim Henderson wrote:
On Wed, 08 Jan 2014 01:53:40 +0100, Carlos E. R. wrote:
Well, in this case it appears the hacker only wanted to prove that there was a vulnerability, in order to force vbulleting to update their software fast, no intention to use the obtained data.
Or so he claims.
If he were, he'd have told vBulletin of the exploit. The exploit is described as a "private exploit," which to me says he's not disclosed it.
Aparently, he did - or so says user "Matt" on the news thread comments (https://news.opensuse.org/2014/01/07/opensuse-forums-defaced/): This exploit was posted in the licensed customer feedback forum at vBulletin.com. This is the reply from Joe D: “At this time we are not aware of any known exploit and I am unsure how or why they believe the exploit is with the forum software. - -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlLNq+gACgkQtTMYHG2NR9WUggCfeOyWtl34RPLuUPNOjH+gfrGN knoAnA9AGuHc4P3zlHppws58EOScBoSu =tdJI -----END PGP SIGNATURE-----